Requirement phase


Why should I concern myself about security already during requirements setting?

Some developers, when they start developing a new product, underestimate the importance of getting to know the fundamental security assets and threats in the field. There are often applicable standards or even laws, and almost always best practices that could be followed, yet some developers tend to focus on product features laying too little emphasis on security features. Often a new technology that is incorporated into products has security settings that are complicated to configure. Or the new tech might have no security features at all, and the adopters should augment it with security by creating new solutions. This is most effectively and, more important, efficiently done before requirements are finalized and design is started. When you have security as a feature from the beginning, it's all so simple. You don't need to re-iterate your development process.

What can I do then to adopt security as early as possible in the design?

First of all you should be aware of your security needs. The first step is adopting security thinking in your organization. This includes conscious and planned actions to promote the importance of security, such as training your employees. Only when security becomes a core value, can you build security you're your products. Once this is done you should perform misuse-case analysis, risk analysis and based on these security requirement setting for all your projects.

How can SEARCH-LAB help me in this?

We have been actively following product lifecycles for more than a decade, including security flops. We have studied and analyzed what should have been done to prevent or avoid them in the first place. We are keeping pace with the new security challenges posed by emerging technologies.

If you feel that you would like to solve your security within your organization, then we can help you by educating your people, before they start working on the project. Just as well if you would like external experts to look at the results your developers proposed, from the security perspective, we can do it for you. Alternatively we can also do the security planning for you. Be it misuse case collection or risk analysis or security requirement setting, you can trust it to us.